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Amendments to the Specification 

Please replace the paragraph on Page 19, lines 4-18 with the following marked-up replacement 
paragraph: 

— A user of the present invention may connect his computer to a server using a wireline 
connection, or a wireless connection. Wireline connections are those that use physical media 
such as cables and telephone lines, whereas wireless connections use media such as satellite 
links, radio frequency waves, and infrared waves. Many connection techniques can be used with 
these various media, such as: using the computer's modem to establish a connection over a 
telephone line; using a LAN card such as Token Ring or Ethernet; using a cellular modem to 
establish a wireless connection; etc. The user's computer may be any type of computer 
processor, including laptop, handheld or mobile computers; vehicle-mounted devices; desktop 
computers; mainframe computers; etc., having processing (and o p t i o nally communication) 
capabilities* The remote server and the gateway machines, similarly, can be one of any number 
of different types of computer which have processing and communication capabilities. These 
techniques are well known in the art, and the hardware devices and software which enable then- 
use are readily available. Hereinafter, the user's computer will be referred to equivalently as a 
"workstation" or "client* and use of any of these terms or the term Server" or "gateway" refers 
to any of the types of computing devices described above. -- 

Please replace the paragraph that begins on Page 30, line 17 and carries over to Page 31, line 5 
with the following marked-up replacement paragraph: 

— The centralized access control techniques of the present invention provide a solution 
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that scales very efficiently. If some number of hosts "n" in one network cloud wanted to 
communicate pairwise with some number of [ftiost] J frosts *m" in another network cloud, a 
conventional IPSec solution would mandate the establishment of (m * n) pairs of unidirectional 
IPSec security associations, one for each pair of communicating hosts. When the present 
invention is used, however, only (n + m + 1) pairs of unidirectional IPSec security associations 
arc required C*n tt to connect each host in the first cloud to a local boundary device, u m" to 
connect each host in the second cloud to another local boundary device, and 1 to connect the two 
boundary devices), — 
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